Data belonging to thousands of customers of an Indian payments app has been leaked and is available on the dark web.
MobiKwik — Data Breach
Personal details of 3.5 million MobiKwik users might have been leaked, according to independent cybersecurity researchers.
MobiKwik, a truly Indian payments app used by 100 million Indians, saw 8.2 terabytes (TB) of data belonging to millions of its users begin circulating on the dark web.
The leaked data includes sensitive personal information such as:
- customer names
- hashed passwords
- email addresses
- residential addresses
- GPS locations
- list of installed apps
- partially-masked credit card numbers
- connected bank accounts and associated account numbers
- know your customer (KYC) documents of 3.5 million users
The leak was first reported in February by security researcher Rajshekhar Rajaharia, who said the database contains 36,099,759 files, adding that it contained KYC data of nearly 3.5 million people.
On March 4, however, the digital wallet company denied the incident.
On March 27, the hacker asked for 1.5 bitcoin ($85,684.65) for about 8TB of the data, stating, “we recovered all data and it’s up for sale.”
Message from the Company
On Monday, a link from the dark web began circulating online, and several users confirmed seeing their personal details in it.
In a tweet, MobiKwik said, “A media-crazed so-called security researcher has repeatedly over the last week presented concocted files wasting precious time of our organization while desperately trying to grab media attention.”
It further added, “We thoroughly investigated his allegations and did not find any security lapses. The various sample text files that he has been showcasing prove nothing. Anyone can create such text files to falsely harass any company.”
Meanwhile, a MobiKwik spokesperson downplayed the breach, stating that the data shared on the dark web site hasn’t been retrieved from its own servers.
In addition, the company said it has robust internal policies and information security protocols and is subject to stringent compliance measures under its PCI-DSS, CISA, and ISO 27001:2013 certifications.
The company also said it’s working with relevant authorities to carry out a security audit of its platform.
In short, they stated: “We are committed to a safe and secure Digital India.”